Runtimes
Tuesday, November 19

2:25pm PST

PodOverhead: Accounting for Greater Cluster Stability - Eric Ernst, Intel
Accounting is very important in Kubernetes. Better accounting leads to improved node stability, density, and more accurate charging of users based on their actual resource utilization. Unfortunately, there are gaps in resource accounting in Kubernetes today, mostly based on the fact that running a pod is not actually free.

In Kubernetes 1.16, the PodOverhead feature is introduced to fix these issues.

We’ll dive into the details of a pod’s journey from client CLI to running on a node, touching on kubectl, API server, admission controllers, etcd, scheduler, kubelet, containerd/cri-o, and runtimes like Kata Containers and gVisor. Through this we will highlight the current gaps and how the PodOverhead feature addresses them.

Attend to get a basic understanding of the Pod creation process, and learn what the new PodOverhead feature is and how it can be used to improve cluster stability.

Eric Ernst

Senior software engineer, Intel
Eric is a senior software engineer at Intel’s Open Source Technology Center, based out of Portland, Oregon. Eric has spent the last several years working on embedded firmware and the Linux kernel. Eric has been a developer and technical lead for the Intel Clear Containers project...

Tuesday November 19, 2019 2:25pm - 3:00pm PST
Room 1AB - San Diego Convention Center Upper Level

3:20pm PST

Superpowers for Windows Containers - Deep Debroy & Jean Rouge, Docker
The Windows Operating System does not support privileged operations from inside a container today. Daemon-sets on Windows nodes in Kubernetes clusters that need to perform configuration actions on the node are significantly impacted by the absence of privileged mode support on Windows. In this talk we:
1. Explore the pros and cons of the options the SIG Windows community brainstormed to provide containers running on Windows the ability to perform privileged operations while being managed by Kubernetes.
2. Delve into the specific characteristics of the privileged proxy approach we decided to adopt.
3. Demonstrate how the privileged proxy approach is used to support privileged operations that need to be executed by daemon-sets associated with CSI plugins running on Windows nodes in a Kubernetes cluster.

Deep Debroy

Software Engineering Manager, Docker
Deep Debroy is a Software Engineering Manager at Docker Inc. focussing on different aspects of enabling Windows workloads on Kubernetes as well as Persistent Storage in general. He is an active contributor to Kubernetes projects under SIG Windows and SIG Storage.

Jean Rouge

Senior Software Engineer, Docker
Jean is a Senior Software Engineer at Docker and an active contributor in Kubernetes and various Docker open-source projects. Most recently he has led the work around GMSA support in Windows on Kubernetes. He's been passionate about DevOps since the beginning of his career: he's worked...

Tuesday November 19, 2019 3:20pm - 3:55pm PST
Room 7AB - San Diego Convention Center Upper Level

4:25pm PST

Extending containerd - Samuel Karp & Maksym Pavlenko, Amazon
containerd, a graduated CNCF project, is a widely used container runtime that provides core functionality for Docker. containerd was designed to be small and simple, but also very modular and extensible. This talk covers the architecture of containerd, explains the responsibilities of each component, and dives deep into containerd’s facility for extension. We’ll cover the individual gRPC services that make up containerd and show how they can be extended with proxy plugins, Go plugins, process interfaces (OCI runtimes and process-based logging), thick client implementations, and build-your-own containerd for compiled-in extension. These extension mechanisms can be shown with simple examples and real-world use in the firecracker-containerd project.

Samuel Karp

Senior Software Development Engineer, Amazon Web Services
Samuel Karp is a Senior Software Development Engineer at AWS working on containers and helping to build core components behind AWS Fargate, Amazon EKS, and Amazon ECS. Sam has been a contributor to Docker/Moby since 2015 and to containerd since 2017, and is currently building the...

Maksym Pavlenko

Software Development Engineer, Amazon Web Services
Maksym Pavlenko is a Software Development Engineer at AWS working on containers and helping to build core components behind AWS Fargate, Amazon EKS, and Amazon ECS. Maksym is a maintainer in containerd, and is currently building the firecracker-containerd project to run containers...

Tuesday November 19, 2019 4:25pm - 5:00pm PST
Room 5AB - San Diego Convention Center Upper Level

Wednesday, November 20

3:20pm PST

Mitigating Noisy Neighbours: Advanced Container Resource Management - Alexander Kanevskiy, Intel
In large clusters, some applications attempt to consume a majority of shared resources. These "noisy neighbours" cause performance degradation for other workloads in the cluster. At this time, Kubernetes has mechanisms to mitigate this behaviour for CPU and memory only. This talk discusses methods for extending fine-grained resource control on other shared resources, such as block and PCIe I/O, shared CPU caches, and others. It demonstrates how to utilize extensibility points of CRI-O and containerd runtimes to achieve fine-grained resource control. The talk also presents an approach for evolving this method into an extensive and fully dynamic resource management solution for Kubernetes.

- Problem Statement: different types of "noisy neighbours"
- Resource management on kernel, OCI, and Kubernetes levels
- Stitching the pieces together: dynamic container resource management

Alexander Kanevskiy

Mr., Intel
Alexander is currently employed by Intel as Principal Engineer, Cloud Software, focusing on various aspects in Kubernetes: Resource Management, Device plugins for hardware accelerators, Cluster Lifecycle and Cluster APIs. Alexander has 25+ years of experience in areas of Linux...

Wednesday November 20, 2019 3:20pm - 3:55pm PST
Hall D - San Diego Convention Center

4:25pm PST

Let's Try All the CRI Runtimes: Part 2: Answering the Why Question! - Phil Estes, IBM
In Barcelona, we raced through seven different container runtime setups from Docker to cri-o to containerd--including interesting projects like AWS's Firecracker, Kata containers and gVisor. For each we demonstrated how to allow Kubernetes to use each one of them using either RuntimeClass or standard kubelet CRI configuration parameters and then gave a quick highlight of their feature set, maturity, and usage in the ecosystem.

While we successfully demo'd each runtime, we didn't have time to assess each of them with regard to the "why?" question: why would an operator or user choose one of these runtimes? In this "Part 2" talk we will take the time to walk back through each runtime, cover updates to the project since May, look at performance and security characteristics, and answer the why question for each one!

Phil Estes

Principal Engineer, AWS
Phil is a Principal Engineer for Amazon Web Services (AWS), focused on core container technologies that power AWS container offerings like Fargate, EKS, and ECS. Phil is currently an active contributor and maintainer for the CNCF containerd runtime project, and participates in the...

Wednesday November 20, 2019 4:25pm - 5:00pm PST
Room 1AB - San Diego Convention Center Upper Level

5:20pm PST

Open Source Weave Ignite - The GitOps VM - Mark Emeis, Weaveworks
Weave Ignite is a new open source tool that combines Firecracker microVMs with OCI images, containerd and CNI to unify containers and VMs. It integrates with Kubernetes and GitOps operators so it can be managed declaratively like Kubernetes itself and Terraform.

Ignite is fast and secure because of Firecracker, AWS’ OSS KVM implementation that is optimised for speed, low resource consumption, high security, and isolation. With Ignite, users can:
- Launch and manage entire “app ready” stacks from Git
- Run legacy or special apps in lightweight VMs (e.g. for multi-tenancy)
- Run a cloud of VMs ‘anywhere’ using Kubernetes for orchestration, Ignite for virtualization, GitOps for management, and supporting cloud native tools and APIs.

Ignite contributor Mark Emeis will share why Kubernetes SIG Lead and Weaveworks DX Engineer, Lucas Käldström, created Ignite, how it works, and how to get started.

Mark Emeis

Engineering Manager, Weaveworks
Mark has nearly 30 years of experience in the software industry. He has written software at all layers of the software stack, in numerous languages, from direct to consumer to enterprise software products. He leads the development for the WKP project at Weaveworks and is a member...

Wednesday November 20, 2019 5:20pm - 5:55pm PST
Room 6E - San Diego Convention Center Upper Level
